paper

Enterprise AI Must Enforce Participant-Aware Access Control

Shashank Shreedhar Bhatt et al. (Microsoft Research) · Sep 18, 2025

The line in the sand. They show adversaries extracting confidential data through fine-tuning and RAG, and that probabilistic defences (prompt sanitisation, output filtering) do not hold. The proposed rule is deterministic: nothing enters training, retrieval or generation unless every participant in the interaction is explicitly authorised to see it. The strictest formulation of need-to-know for AI systems, and the standard the rest of this list should be measured against.

← Back to sources